Building Security In: A Tale of Two Stories (RSA 2017)

I spoke @ RSA Conference DevSecOps back in February.

The idea for the talk stemmed from the ton of follow-up questions focussed on one area from my RSA talk last year - automating generation of "security stories" and making them equal citizens to "user stories".

It was a great experience overall coupled with interesting hallway conversations from other AppSec practitioners trying to get upfront security requirements into the hands of their developers.